Google on Monday announced fixes for more than 40 vulnerabilities in Android, warning that two of the issues are actively exploited in the wild.
The exploited flaws include CVE-2024-43093, a bypass of a file path filter in the Framework component that could lead to privilege escalation, and CVE-2024-50302, a zero-initialize issue with the report buffer in Linux kernel that could lead to memory leaks.
Google’s March 2025 Android security bulletin warns “there are indications” that these security defects “may be under limited, targeted exploitation”, without providing further information on the observed attacks.
This is the second time Google warns of CVE-2024-43093 being exploited in the wild without sharing additional details, after rolling out fixes for it as part of the November 2024 Android update.
According to a recent Amnesty International report, CVE-2024-50302 was likely exploited as a zero-day by Cellebrite’s mobile forensic tools to bypass the lockscreen of the Android phone of a Serbian student activist.
The first part of this month’s Android update, which arrives on devices as the 2025-03-01 security patch level, contains fixes for 30 vulnerabilities: nine in Framework and 21 in System.
Of the bugs resolved in System, 10 are critical-severity issues, including eight that could lead to remote code execution. The remaining two could be exploited to elevate privileges and cause a denial-of-service (DoS) condition, respectively.
“The most severe of these issues is a critical security vulnerability in the System component that could lead to remote code execution with no additional execution privileges needed,” Google notes.
The second part of the update arrives on devices as the 2025-03-05 security patch level, addressing all the flaws above, vulnerabilities resolved with previous updates, and 13 additional security defects in Kernel, MediaTek, and Qualcomm components.
On Monday, Google also published an Android Wear OS security bulletin, which details two security defects. Updating devices to a security patch level of 2025-03-01 also resolves the vulnerabilities patched in Android this month.
While there were no Android Automotive OS security patches released this month, users are advised to update to a security patch level of 2025-03-01, which contains this month’s Android fixes.
Related: Vulnerability Patched in Android Possibly Exploited by Forensic Tools
Related: First Android Update of 2025 Patches Critical Code Execution Vulnerabilities
Related: Qualcomm Extends Security Support for Android Devices to 8 Years
Related: Amnesty Reveals Cellebrite Zero-Day Android Exploit on Serbian Student Activist